Asked why he did it, suspected burglar Arturo Galvan reportedly told police:
“I wish I knew."
Computers, iPads, TVs: those valuable items make burglary sense.
But bras? Panties?
There was, apparently, a sexual component to the burglaries, police said.
In fact, the targets were college-aged female victims, and police believe that Galvan hunted them down by using the location data from photos posted on Instagram and other social media sites to pinpoint where they lived.
You know, the same location data used in a project entitled I Know Where Your Cat Lives, made possible by all those location-revealing cat pictures we love to post.
Galvan, a 44-year-old Los Angeles man, was arrested last week, the Fullerton Police Department (FPD) said on Monday.
Police suspect that he’s responsible for six burglaries at four Los Angeles locations dating back to October. They also think that he is responsible for a similar number of burglaries near Chapman University in Orange, California, earlier this year.
Victims were home in some of the break-ins.
The FPD got a search warrant and searched Galvan’s home on Monday, finding what they said was “a garage-full” of stolen items belonging to 24 victims.
The police told the LA Times that the panties were in the garage, while the electronics were piled up in the house.
Beyond panties and bras, police allege that Galvan stole framed photos of women and jewelry from the homes and apartments he’s suspected of hitting.
Clean and snatched from drawers, dirty ones fished out of laundry baskets, the occasional male roommate’s undergarments mixed in, it didn’t matter: his alleged panty raids did not discriminate.
Galvan was released from jail Saturday after posting bail of $200,000.
He faces charges of burglary, receiving stolen property, and peeping and prowling.
When an artist creates a map of where to find all the posted cats in the world, all thanks to their owners not turning off location services, it’s cute and funny, although slightly alarming.
But when women are stalked and victimized with the assistance of location data, it’s a frightening wake-up call about the real-life dangers of geolocation information we post publicly for any stalker, burglar or other criminal to see.
Don’t put your location into cybercreeps’ hands.
For more details about managing geolocation on your phone, read our article on smartphone privacy and security.
And, please, set your social media to only be viewed by only your connections! Whether it’s Instagram or Facebook, you wouldn’t show a stranger in your street your photos, so why do it online?
Doug
Wait, has Facebook stopped stripping out EXIF?
Paul Ducklin
I just spoke to Lisa and it seems that the police didn’t mention Facebook explicitly as an “EXIF preserving” social media site. (A quick test suggests that Facebook is indeed, still removing EXIF data from posted images.)
So we’ve modified the article to avoid that confusion. Thanks for the note!
Jason Bowdich
I see that you’ve just changed your headline to “Underwear thief used Instagram location data to find victim’s homes.” That is still false. Instagram scrubs EXIF data just as Facebook does. The underwear thief did not get his location information from Instagram pictures.
Dave Anderson
FYI- There’s no EXIF data in Instagram photos. The headline for this story is wrong: “Underwear thief used Instagram location data to find victim’s homes”
Roger
Can you please clarify your headline by explaining what location data is revealed in Instagram photos? Do you mean EXIF data or something else? Instagram has been automatically stripping EXIF data from its photos for years.
Anna Brading
The Police said they believe he used “pictures of his victims posted online and then obtained the GPS coordinates embedded in the photos”. Since Instagram strips EXIF data, it’s possible he used the data taken from victims’ Photo Maps. See here: https://help.instagram.com/502180853174568/
Anonymous
This is an app specific “location services on” issue not an EXIF issue. While the original and revised titles may be obviously inaccurate to those of who are not tech challenged it certainly makes for standard sensationalist media reporting….
Paul Ducklin
I think that’s a *bit* harsh, don’t you?
We’re not saying exactly how the crook traced the victims he fancied to their homes, but the police did say that they “believed it was data in the image files.”
To be honest, I suspect that the cops have it at least partly wrong, and that EXIF data was probably a small part, if indeed any part, of the MO. Nevertheless, all sorts of geolocation data – whether you once inadvertently shared your address online, or whether you like to write geotagged posts, or whether you have a camera with GPS and don’t even know it – is ripe for criminal abuse.
To be sure, it’s no good relying *only* on purging EXIF data as a privacy measure when posting to Facebook, if FB removes that data anyway. You need to consider other aspects of geolocation leakage. But you ought to know about EXIF data, and how to control it, because you can’t rely only on app or OS-specific location data sharing if you’re going to have snapshots lying around that locate you anyway – ask John McAfee :-)
And that’s what the article tries to teach, don’t you think? That there are many aspects to keeping crooks from keeping tabs on you all the time…and it pays to be aware of them.